I'm currnetly working on a sniffer. A WinPOP
sniffer program, it's a proof of concept only.
But I got into problems.
1) I already found 3 kinds of WinPOPup messages
using 137 UDP 138 UDP and 139 TCP ports
2) I cant find any structure definitions for
Netbios UDP or SMB TCP packets. Such as you find in
netinet/udp.h tcp.h
ip.h
3) Is there some document describing the WinPOP
service. ow the packets are bulit and how does
that mechanism works.
I also found that almost every client that claims
to be compatible with WinPOP service is not compatible
with samba. On my network we use RealPopup from http://www.realpopup.it/matro wich is
nice small and fast
but it send messages using UDP port 138 and samaba
does not recieve those messages. However RealPop has no
problem in recieving messages from samba witch uses
139 TCP.
I'm writing here hoping for some help on the
subject. Definitions of headers would be nice. The rest i can
figure out using tcpdump (witch makes a lot of SMb
and NBT packet decoding). Any help is nice.
Atom
---------------------------------------------------------------------
Thor the samba UI in PHP
check it out at http://freshmeat.net/projects/thor
---------------------------------------------------------------------
|